CVE-2021-21905

Name of the Vulnerable Software and Affected Versions Garrett Metal Detectors iC Module CMA version 5.0

Description A stack-based buffer overflow issue exists in the CMA readfile function of the Garrett Metal Detectors iC Module. The iC Module provides an authenticated command-line interface over TCP port 6877, which is used by the CMA Connect GUI client to interact with the device on behalf of the user. After successful authentication, clients can send plaintext commands to manipulate the device.

Recommendations For Garrett Metal Detectors iC Module CMA version 5.0, consider restricting access to the TCP port 6877 until a patch is available. As a temporary workaround, consider disabling the CMA readfile function until a patch is available. Avoid sending plaintext commands to the device until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.